[syslog-ng] Has Anyone Gotten Syslog-NG Running as Non-Root Working?

Mathew Brown mathewbrown at fastmail.fm
Wed Nov 28 10:30:26 CET 2007

  I'm currently trying to get syslog-ng running as a non-privileged
  user.  What I've done so far is as follows:

* create a sysng user and group
* stopped syslog from running
* modified /etc/sysconfig/syslog-ng and set SYSLOGNG_OPTIONS to
SYSLOGNG_OPTIONS="-p /var/run/syslogd.pid -u sysng -g sysng"
* Added the following to my config file:


# default owner, group, and permissions for created directories
# (defaults are 0, 0, 0700)

* Fixed permissions under /var/log as follows:

chgrp -R sysng /var/log
chmod -R g+wx /var/log

* However, my primary problem is reading from /proc/kmsg. It seems that
when syslog-ng initially starts, it can open /proc/kmsg before it drops
privileges to sysng.  Strace shows that it did:

17692 open("/proc/kmsg", O_RDONLY|O_NOCTTY|O_NONBLOCK|O_LARGEFILE) = 3

However, I then find the following in my /var/log/messages file:

Nov 28 10:42:37 localhost syslog-ng[18356]: I/O error occurred while
reading; fd='3', error='Operation not permitted (1)'

So it looks like it can't read from /proc/kmsg.

Has anyone gotten this working?  I found several related emails but
without a resolution to this issue including:

* https://lists.balabit.hu/pipermail/syslog-ng/2007-January/009684.html
* https://lists.balabit.hu/pipermail/syslog-ng/2007-October/010804.html

One possible solution that I'm currently thinking of is to use klogd
instead of reading from /proc/kmsg.  Any input?  Thanks for your help.
  Mathew Brown
  mathewbrown at fastmail.fm

http://www.fastmail.fm - One of many happy users:

More information about the syslog-ng mailing list